/// <summary>
		/// Prepares the response to an access token request.
		/// </summary>
		/// <param name="request">The request for an access token.</param>
		/// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
		/// <returns>The response message to send to the client.</returns>
		public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) {
			Contract.Requires<ArgumentNullException>(request != null);

			var tokenRequest = (IAuthorizationCarryingRequest)request;
			var response = new AccessTokenSuccessResponse(request) {
				Lifetime = this.AuthorizationServerServices.GetAccessTokenLifetime(request),
				HasRefreshToken = includeRefreshToken,
			};
			response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
			return response;
		}
Exemple #2
0
		/// <summary>
		/// Updates the authorization state maintained by the client with the content of an outgoing response.
		/// </summary>
		/// <param name="authorizationState">The authorization state maintained by the client.</param>
		/// <param name="accessTokenSuccess">The access token containing response message.</param>
		internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, AccessTokenSuccessResponse accessTokenSuccess) {
			Requires.NotNull(authorizationState, "authorizationState");
			Requires.NotNull(accessTokenSuccess, "accessTokenSuccess");

			authorizationState.ExtraData = accessTokenSuccess.ExtraData;
			authorizationState.AccessToken = accessTokenSuccess.AccessToken;
			authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime;
			authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow;

			// The authorization server MAY choose to renew the refresh token itself.
			if (accessTokenSuccess.RefreshToken != null) {
				authorizationState.RefreshToken = accessTokenSuccess.RefreshToken;
			}

			// An included scope parameter in the response only describes the access token's scope.
			// Don't update the whole authorization state object with that scope because that represents
			// the refresh token's original scope.
			if ((authorizationState.Scope == null || authorizationState.Scope.Count == 0) && accessTokenSuccess.Scope != null) {
				authorizationState.Scope.ResetContents(accessTokenSuccess.Scope);
			}

			authorizationState.SaveChanges();
		}
		/// <summary>
		/// Prepares the response to an access token request.
		/// </summary>
		/// <param name="request">The request for an access token.</param>
		/// <param name="allowRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
		/// <returns>The response message to send to the client.</returns>
		private AccessTokenSuccessResponse PrepareAccessTokenResponse(AccessTokenRequestBase request, bool allowRefreshToken = true) {
			Requires.NotNull(request, "request");

			if (allowRefreshToken) {
				if (request is AccessTokenClientCredentialsRequest) {
					// Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included
					// in a response to an access token request that used the client credential grant type.
					Logger.OAuth.Debug("Suppressing refresh token in access token response because the grant type used by the client disallows it.");
					allowRefreshToken = false;
				}
			}

			var tokenRequest = (IAuthorizationCarryingRequest)request;
			var accessTokenRequest = (IAccessTokenRequestInternal)request;
			var response = new AccessTokenSuccessResponse(request) {
				HasRefreshToken = allowRefreshToken,
			};
			response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
			return response;
		}
		/// <summary>
		/// Updates the authorization state maintained by the client with the content of an outgoing response.
		/// </summary>
		/// <param name="authorizationState">The authorization state maintained by the client.</param>
		/// <param name="accessTokenSuccess">The access token containing response message.</param>
		internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, AccessTokenSuccessResponse accessTokenSuccess) {
			Contract.Requires<ArgumentNullException>(authorizationState != null);
			Contract.Requires<ArgumentNullException>(accessTokenSuccess != null);

			authorizationState.AccessToken = accessTokenSuccess.AccessToken;
			authorizationState.RefreshToken = accessTokenSuccess.RefreshToken;
			authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime;
			authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow;
			if (accessTokenSuccess.Scope != null && accessTokenSuccess.Scope != authorizationState.Scope) {
				if (authorizationState.Scope != null) {
					Logger.OAuth.InfoFormat(
						"Requested scope of \"{0}\" changed to \"{1}\" by authorization server.",
						authorizationState.Scope,
						accessTokenSuccess.Scope);
				}

				authorizationState.Scope.ResetContents(accessTokenSuccess.Scope);
			}

			authorizationState.SaveChanges();
		}
		/// <summary>
		/// Prepares the response to an access token request.
		/// </summary>
		/// <param name="request">The request for an access token.</param>
		/// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
		/// <returns>The response message to send to the client.</returns>
		public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) {
			Requires.NotNull(request, "request");

			if (includeRefreshToken) {
				if (request is AccessTokenClientCredentialsRequest) {
					// Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included
					// in a response to an access token request that used the client credential grant type.
					Logger.OAuth.Debug("Suppressing refresh token in access token response because the grant type used by the client disallows it.");
					includeRefreshToken = false;
				}
			}

			var tokenRequest = (IAuthorizationCarryingRequest)request;
			var response = new AccessTokenSuccessResponse(request) {
				Lifetime = this.AuthorizationServerServices.GetAccessTokenLifetime(request),
				HasRefreshToken = includeRefreshToken,
			};
			response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
			return response;
		}
		/// <summary>
		/// Prepares the response to an access token request.
		/// </summary>
		/// <param name="request">The request for an access token.</param>
		/// <param name="accessTokenEncryptingPublicKey">The crypto service provider with the public key to encrypt the access token to, such that the resource server will be able to decrypt it.</param>
		/// <param name="accessTokenLifetime">The access token's lifetime.</param>
		/// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
		/// <returns>The response message to send to the client.</returns>
		public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, RSACryptoServiceProvider accessTokenEncryptingPublicKey, TimeSpan? accessTokenLifetime = null, bool includeRefreshToken = true) {
			Contract.Requires<ArgumentNullException>(request != null);
			Contract.Requires<ArgumentNullException>(accessTokenEncryptingPublicKey != null);

			var tokenRequest = (IAuthorizationCarryingRequest)request;
			using (var crypto = this.AuthorizationServerServices.CreateAccessTokenSigningCryptoServiceProvider()) {
				var accessTokenFormatter = AccessToken.CreateFormatter(crypto, accessTokenEncryptingPublicKey);
				var accessToken = new AccessToken(tokenRequest.AuthorizationDescription, accessTokenLifetime);

				var response = new AccessTokenSuccessResponse(request) {
					AccessToken = accessTokenFormatter.Serialize(accessToken),
					Lifetime = accessToken.Lifetime,
				};
				response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);

				if (includeRefreshToken) {
					var refreshTokenFormatter = RefreshToken.CreateFormatter(this.AuthorizationServerServices.CryptoKeyStore);
					var refreshToken = new RefreshToken(tokenRequest.AuthorizationDescription);
					response.RefreshToken = refreshTokenFormatter.Serialize(refreshToken);
				}

				return response;
			}
		}